package com.mobi.security.policy.rest;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.mobi.exception.MobiException;
import com.mobi.jaas.api.engines.EngineManager;
import com.mobi.rest.util.ErrorUtils;
import com.mobi.rest.util.RestUtils;
import com.mobi.security.policy.api.PDP;
import com.mobi.security.policy.api.Request;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import javax.annotation.security.RolesAllowed;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.rdf4j.model.IRI;
import org.eclipse.rdf4j.model.Literal;
import org.eclipse.rdf4j.model.ValueFactory;
import org.eclipse.rdf4j.model.impl.ValidatingValueFactory;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.jaxrs.whiteboard.propertytypes.JaxrsResource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("/pep")
@JaxrsResource
@Component(service = {PolicyEnforcementRest.class}, immediate = true)
/* loaded from: input_file:com/mobi/security/policy/rest/PolicyEnforcementRest.class */
public class PolicyEnforcementRest {
    private static final ObjectMapper mapper = new ObjectMapper();
    private PDP pdp;
    private EngineManager engineManager;
    private final Logger log = LoggerFactory.getLogger(PolicyEnforcementRest.class);
    private final ValueFactory vf = new ValidatingValueFactory();

    @Reference
    void setPdp(PDP pdp) {
        this.pdp = pdp;
    }

    @Reference
    void setEngineManager(EngineManager engineManager) {
        this.engineManager = engineManager;
    }

    @Consumes({"application/json"})
    @Operation(tags = {"pep"}, summary = "Converts user provided request into XACML and evaluates", responses = {@ApiResponse(responseCode = "200", description = "the decision of the XACML request evaluation"), @ApiResponse(responseCode = "400", description = "BAD REQUEST"), @ApiResponse(responseCode = "500", description = "INTERNAL SERVER ERROR")})
    @POST
    @Produces({"text/plain"})
    @RolesAllowed({"user"})
    public Response evaluateRequest(@Context HttpServletRequest httpServletRequest, @Parameter(description = "A JSON object containing XACML required fields", required = true) String str) {
        this.log.debug("Authorizing...");
        long currentTimeMillis = System.currentTimeMillis();
        try {
            ObjectNode objectNode = (ObjectNode) mapper.readValue(str, ObjectNode.class);
            IRI iri = (IRI) RestUtils.optActiveUser(httpServletRequest, this.engineManager).map((v0) -> {
                return v0.getResource();
            }).orElse(this.vf.createIRI("http://mobi.com/users/anon"));
            String asText = ((JsonNode) Optional.ofNullable(objectNode.get("actionId")).orElseThrow(() -> {
                return new IllegalArgumentException("Action ID is required");
            })).asText();
            String asText2 = ((JsonNode) Optional.ofNullable(objectNode.get("resourceId")).orElseThrow(() -> {
                return new IllegalArgumentException("Resource Id is required");
            })).asText();
            IRI createIRI = this.vf.createIRI(asText);
            Request createRequest = this.pdp.createRequest(Collections.singletonList(iri), getAttrMap("subjectAttrs", objectNode), Collections.singletonList(this.vf.createIRI(asText2)), getAttrMap("resourceAttrs", objectNode), Collections.singletonList(createIRI), getAttrMap("actionAttrs", objectNode));
            this.log.debug(createRequest.toString());
            com.mobi.security.policy.api.Response evaluate = this.pdp.evaluate(createRequest, this.vf.createIRI("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-overrides"));
            this.log.debug(evaluate.toString());
            this.log.debug(String.format("Request Evaluated. %dms", Long.valueOf(System.currentTimeMillis() - currentTimeMillis)));
            return Response.ok(evaluate.getDecision().toString()).build();
        } catch (IllegalArgumentException e) {
            throw ErrorUtils.sendError(e, e.getMessage(), Response.Status.BAD_REQUEST);
        } catch (JsonProcessingException | MobiException e2) {
            throw ErrorUtils.sendError("Request could not be evaluated", Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    @Path("/multiDecisionRequest")
    @Consumes({"application/json"})
    @Operation(tags = {"pep"}, summary = "Converts user provided requests into XACML and evaluates", responses = {@ApiResponse(responseCode = "200", description = "the XACML Responses for the corresponding XACML requests"), @ApiResponse(responseCode = "400", description = "BAD REQUEST"), @ApiResponse(responseCode = "500", description = "INTERNAL SERVER ERROR")})
    @POST
    @Produces({"text/plain"})
    @RolesAllowed({"user"})
    public Response evaluateMultiDecisionRequest(@Context HttpServletRequest httpServletRequest, @Parameter(description = "A JSON object with XACML required fields", required = true) String str) {
        List emptyList;
        List emptyList2;
        this.log.debug("Authorizing...");
        long currentTimeMillis = System.currentTimeMillis();
        try {
            ObjectNode objectNode = (ObjectNode) mapper.readValue(str, ObjectNode.class);
            IRI iri = (IRI) RestUtils.optActiveUser(httpServletRequest, this.engineManager).map((v0) -> {
                return v0.getResource();
            }).orElse(this.vf.createIRI("http://mobi.com/users/anon"));
            if (objectNode.hasNonNull("actionId") && objectNode.get("actionId").isArray()) {
                Stream map = StreamSupport.stream(objectNode.get("actionId").spliterator(), false).map((v0) -> {
                    return v0.asText();
                });
                ValueFactory valueFactory = this.vf;
                Objects.requireNonNull(valueFactory);
                emptyList = (List) map.map(valueFactory::createIRI).collect(Collectors.toList());
            } else {
                emptyList = Collections.emptyList();
            }
            List list = emptyList;
            if (objectNode.hasNonNull("resourceId") && objectNode.get("resourceId").isArray()) {
                Stream map2 = StreamSupport.stream(objectNode.get("resourceId").spliterator(), false).map((v0) -> {
                    return v0.asText();
                });
                ValueFactory valueFactory2 = this.vf;
                Objects.requireNonNull(valueFactory2);
                emptyList2 = (List) map2.map(valueFactory2::createIRI).collect(Collectors.toList());
            } else {
                emptyList2 = Collections.emptyList();
            }
            List list2 = emptyList2;
            if (list2.size() > 1 && list.size() > 1) {
                throw ErrorUtils.sendError("Only one field may have more than one value.", Response.Status.BAD_REQUEST);
            }
            Request createRequest = this.pdp.createRequest(Collections.singletonList(iri), getAttrMap("subjectAttrs", objectNode), list2, getAttrMap("resourceAttrs", objectNode), list, getAttrMap("actionAttrs", objectNode));
            this.log.debug(createRequest.toString());
            ArrayNode evaluateMultiResponse = this.pdp.evaluateMultiResponse(createRequest, this.vf.createIRI("urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-overrides"));
            this.log.debug(evaluateMultiResponse.toString());
            this.log.debug(String.format("Request Evaluated. %dms", Long.valueOf(System.currentTimeMillis() - currentTimeMillis)));
            return Response.ok(evaluateMultiResponse.toString()).build();
        } catch (JsonProcessingException | IllegalArgumentException | MobiException e) {
            throw ErrorUtils.sendError("Request could not be evaluated", Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    private Map<String, Literal> getAttrMap(String str, ObjectNode objectNode) {
        return objectNode.hasNonNull(str) ? (Map) objectNode.get(str).properties().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return this.vf.createLiteral(((JsonNode) entry.getValue()).asText());
        })) : Collections.emptyMap();
    }

    private String getMessageOrDefault(com.mobi.security.policy.api.Response response, String str) {
        return StringUtils.isEmpty(response.getStatusMessage()) ? str : response.getStatusMessage();
    }
}
